# /code-review

**Source:** `~/.claude/skills/code-review/SKILL.md`
---

---
name: code-review
version: "2.0"
level: 3
trigger: "code review, review this code, check my code, pre-commit review, security review of code"
author: john
updated: 2026-03-16
---

# Code Review — Level 3 Supervised Skill

Systematic code review with if/then control flow. Security-first, actionable feedback.

## WHEN TO USE
- IF "review", "code review", "check code", "pre-commit" → activate this skill
- IF security-specific request → prioritize Security section, run sentry-security-review first

## WORKFLOW

### Step 1: Scope Check
```
IF large PR (>500 lines):
  → Split: delegate security to securion sub-agent, delegate logic to code-reviewer sub-agent
  → Merge reports before final output
ELSE:
  → Single-pass review, continue to Step 2
```

### Step 2: RAG Context
```bash
node ~/system/tools/rag-router.js query "code review patterns [tech stack]" --top 3
```
Check HiveMind for prior decisions on this codebase.

### Step 3: Security Scan (ALWAYS FIRST)
```
IF bash/shell code detected → check for injection patterns
IF database queries → check for SQL injection
IF user input handling → check XSS, validation
IF credentials/keys visible → STOP, report immediately (Level 5 block)
```

### Step 4: Quality Checklist
```
[ ] Correctness: edge cases, error handling, null safety
[ ] Security: OWASP Top 10, no hardcoded secrets, input validation
[ ] Performance: N+1 queries, unnecessary loops, memory leaks
[ ] Maintainability: DRY, naming, dead code
[ ] Tests: coverage for happy path + 2 edge cases minimum
[ ] GOTCHA: does this introduce regressions?
```

### Step 5: Report Format
```
IF critical security issue → status: BLOCKED, stop review, escalate
IF blocking bugs (>3) → status: NEEDS_WORK
IF minor issues only → status: APPROVED_WITH_COMMENTS
IF clean → status: APPROVED
```
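The Step 3 scan and the Step 5 status decision, worked through in code. This is an added example and is not part of the skill file or of any tool it names: the regexes are illustrative heuristics chosen here (a reviewer still reads the code), the `SAMPLE_SOURCE` under review is constructed, and the handling of 1-3 blocking bugs is an assumption because the skill only names the `>3` case.

```python
"""Step 3 security scan + Step 5 status decision for the code-review skill.
Added example, not part of the skill file.  Rule patterns are illustrative
heuristics chosen here, not a complete SAST rule set."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "CRITICAL" (Step 3 stop condition) or "SHOULD_FIX"
    rule: str
    file: str
    line: int
    snippet: str


# One (severity, rule name, pattern) per Step 3 check.  Patterns are assumptions.
RULES = [
    # credentials/keys visible -> STOP, Level 5 block
    ("CRITICAL", "hardcoded-secret",
     re.compile(r"(?i)(api[_-]?key|secret|password|passwd|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    # SQL built by + concatenation, f-string, .format() or % formatting
    ("SHOULD_FIX", "sql-string-concat",
     re.compile(r"(?i)\b(select|insert|update|delete)\b[^\n]*?(\+\s*\w|\{\w+\}|\.format\(|[\"']\s*%\s*[\w(])")),
    # command execution whose argument is assembled from a string
    ("SHOULD_FIX", "shell-command-from-string",
     re.compile(r"(?i)(subprocess\.\w+|os\.system|os\.popen)\([^)]*(f[\"']|\+|\.format\(|%\s*\w)")),
    # HTML sinks that bypass output escaping
    ("SHOULD_FIX", "unescaped-html-sink",
     re.compile(r"\.innerHTML\s*=|dangerouslySetInnerHTML|\|\s*safe\b|mark_safe\(")),
]


def scan_source(path: str, source: str) -> list[Finding]:
    """Run every rule over every line; return findings in file order."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for severity, rule, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(severity, rule, path, lineno, line.strip()))
    return findings


def decide_status(findings: list[Finding], blocking_bugs: int = 0) -> str:
    """Step 5 decision order.  The skill only names '>3 blocking bugs';
    treating 1-3 as comments rather than NEEDS_WORK is an assumption here."""
    if any(f.severity == "CRITICAL" for f in findings):
        return "BLOCKED"
    if blocking_bugs > 3:
        return "NEEDS_WORK"
    if findings or blocking_bugs:
        return "APPROVED_WITH_COMMENTS"
    return "APPROVED"


def render_report(files: list[str], lines_reviewed: int, findings: list[Finding]) -> str:
    """Fill the skill's OUTPUT FORMAT skeleton from the findings."""
    crit = [f for f in findings if f.severity == "CRITICAL"]
    should = [f for f in findings if f.severity == "SHOULD_FIX"]
    security = "FAIL" if crit else ("WARN" if should else "PASS")

    def fmt(f: Finding) -> str:
        return f"  - {f.rule}: {f.file}:{f.line}  ({f.snippet})"

    return "\n".join([
        "CODE REVIEW REPORT", "",
        f"Status: {decide_status(findings)}",
        f"Files reviewed: {', '.join(files)}",
        f"Lines reviewed: {lines_reviewed}", "",
        "🔴 CRITICAL (must fix before merge):", *map(fmt, crit), "",
        "🟡 SHOULD FIX:", *map(fmt, should), "",
        f"Security: {security}",
    ])


# Constructed sample under review: each unsafe line sits next to its safe twin.
SAMPLE_SOURCE = '''\
import os, subprocess
DB_PASSWORD = os.environ["DB_PASSWORD"]                    # safe: read from env
API_TOKEN = "sk-constructed-example-0123456789"            # constructed literal
def lookup(cur, uid):
    cur.execute("SELECT * FROM users WHERE id = %s", (uid,))  # parameterized
def lookup_bad(cur, name):
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")  # interpolated
def ls(path):
    subprocess.run(["ls", path])                           # argv list
def ls_bad(path):
    os.system("ls " + path)                                # string from input
TEMPLATE = "<p>{{ comment | safe }}</p>"                   # autoescape disabled
'''

if __name__ == "__main__":
    found = scan_source("app.py", SAMPLE_SOURCE)
    print(render_report(["app.py"], len(SAMPLE_SOURCE.splitlines()), found))
```

Running the block flags lines 3, 7, 11 and 12 of the sample and leaves the parameterized query, the environment-variable read and the argv-list `subprocess.run` alone; the single secret literal is enough to make the status `BLOCKED` and `Security: FAIL`, matching the Step 3 rule that credentials stop the review regardless of anything else found.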

## OUTPUT FORMAT (report to John, not user)

```
CODE REVIEW REPORT

Status: APPROVED | APPROVED_WITH_COMMENTS | NEEDS_WORK | BLOCKED
Files reviewed: [list]
Lines reviewed: [count]

🔴 CRITICAL (must fix before merge):
  - [issue]: [file:line] — [fix suggestion]

🟡 SHOULD FIX:
  - [issue]: [file:line] — [suggestion]

🟢 OPTIONAL:
  - [suggestion]

Security: PASS | WARN | FAIL
Tests: [coverage%] | [missing]
Verdict: [one sentence summary]
```

## ESCALATION
- Security FAIL → delegate to securion agent immediately
- Architectural concern → delegate to sentinel-architect agent
- Performance concern → query HiveMind for prior benchmarks first